Engineering
Current Development
Last Updated: 2026-07-02
Updated after UAT setup session. See AI Session Handoff for full session detail.
Current Objective
Complete UAT execution at uat.sonandigital.com and resolve defects found during testing before production sign-off.
Current Milestone - UAT v1.0
| Item | Status |
|---|---|
| UAT environment live (uat.sonandigital.com) | Done |
| UAT Supabase database (separate from prod) | Done |
| UAT test accounts created and linked | Done |
| UAT test execution | In Progress |
| Defect resolution | Pending UAT findings |
| Sign-off | Pending |
Recently Completed
Items completed in the most recent development session (2026-07-02):
| Item | Detail |
|---|---|
| Invite Client to Portal | New feature: POST /api/admin/clients/[id]/invite-portal creates a Supabase auth user and links clients.user_id. UI card added to Client Detail → Info tab. Super admin can revoke access (DELETE). 14 unit tests pass. |
| Employee portal theme fix | Sidebar was hardcoded bg-[#0A0A0A] (black). Fixed to bg-[#1B3A6B] (navy brand colour). Topbar and content area made theme-aware. |
| Portal documents full-width | PortalDocumentsClient.tsx had max-w-3xl mx-auto constraining the layout. Removed to match other portal pages. |
| UAT environment setup | uat.sonandigital.com custom domain configured on Vercel Preview / dev branch. Cloudflare CNAME added. UAT client accounts linked to Crystal Dynamics and BlueSky Ventures. |
| Types fix | Client interface in src/lib/supabase/types.ts was missing user_id: string \| null. Added. |
Known Bugs (Open)
Accepted gaps from v1.0 not yet resolved. Full detail in the Releases → v1.0 Known Issues page.
| ID | Severity | Summary | Target |
|---|---|---|---|
| HIGH-1 | High | No custom rate limiting on API routes | v1.1 |
| HIGH-4 | High | Silent email delivery failures, no retry queue | v1.1 |
| HIGH-6 | High | Signed document download URLs expire after 1 hour | v1.1 |
| HIGH-7 | High | No TOTP recovery codes; locked-out user requires admin reset | v1.1 |
Resolved since v1.0 release
HIGH-2 (PDF generation): print pages implemented. HIGH-3 (Audit log): logAudit() helper and admin UI page implemented. HIGH-5 (Recurring invoice email): implemented in Sprint 9.
Deferred Work
- Upstash rate limiting on API routes (HIGH-1)
- Email delivery retry queue (HIGH-4)
- Long-lived signed URLs for documents (HIGH-6)
- TOTP recovery codes (HIGH-7)
- QuickBooks integration
- Multi-agency SaaS onboarding flow
Next Recommended Task
- Continue UAT execution: work through all test cases in the UAT Execution Guide
- Log any defects found in the Defect Log
- After UAT complete: update AI Session Handoff and this page
- After sign-off: merge dev → main for production release
Estimated Production Readiness
| Area | Status | Notes |
|---|---|---|
| Core CRM modules | Production-ready | All modules implemented and tested |
| Client portal | Production-ready | Invite flow, portal access, all pages |
| Employee portal | Production-ready | Theme fixed, all features working |
| Authentication & MFA | Production-ready | TOTP MFA, session management |
| Email notifications | Production-ready | 8+ transactional email types |
| Stripe payments | Production-ready | Checkout, webhooks, auto-paid status |
| Rate limiting | Partial | Supabase Auth built-in only; no app-level rate limits |
| Audit log | Implemented | logAudit() + admin UI page |
Important Notes
- The dev branch deploys to uat.sonandigital.com. The main branch deploys to production.
- All git commits from the sandbox must use the FUSE-safe plumbing pattern. Never use git add on FUSE-mounted paths.
- The sandbox cannot push to GitHub; Adnan always pushes from the Windows terminal.